Commercially available ATM skimmers

Brian Krebs continues his excellent series of posts on ATM skimmers, this time with a report on the state of the art in commercially available artisan-crafted skimmers that can be bought through the criminal underground (accept no imitations!):

Generally, these custom-made devices are not cheap, and you won't find images of them plastered all over the Web. Take these pictures, for instance, which were obtained directly from an ATM skimmer maker in Russia. This custom-made skimmer kit is designed to fit on an NCR ATM model 5886, and it is sold on a few criminal forums for about 8,000 Euro -- shipping included. It consists of two main parts: The upper portion is a carefully molded device that fits over the card entry slot and is able to read and record the information stored on the card's magnetic stripe (I apologize for the poor quality of the pictures: According to the Exif data included in these images, they were taken earlier this year with a Nokia 3250 phone).

The second component is a PIN capture device that is essentially a dummy metal plate with a look-alike PIN entry pad designed to rest direct on top of the actual PIN pad, so that any keypresses will be both sent to the real ATM PIN pad and recorded by the fraudulent PIN pad overlay.

9 Responses to “Commercially available ATM skimmers”

There is a technology that surpasses the common mag stripe, Citicorp used it extensively during the 1980’s; it’s the “Magic Middle” which uses a series of metal bits laminated between the CC or Debit card layers. The pattern is unique to the master account to which the card is linked, the number sequence the pattern represents is huge, on the order of 4k bytes, and is encrypted prior to transmission upline for verification and authentication of the card and the linked access code or PIN. (aka “cracking Magic Middle”)

The card reader is essentially a sequence magnetometer which evaluates both the bit position and relative field strength reading of each bit. This could be improved with the addition of a unique holographic image, and/or making the bit pattern an array, rather than a simple sequence. (Patent Pending!)

This technology is vastly more secure than mag stripe and prevents the skimmers from doing anything like what we’ve been seeing.

I expect this could replace the mag stripe in a very few years..providing of course there is some substantial fiscal reward for the patent holders to do so!

I always inspect the machine, but I was looking for a camera, I had never heard of pad overlays.

Chip and pin may help, but here in the UK that has been cracked more than once. A line of garages was targeted and “engineers” replaced many of their c&p readers with dodgy versions, the whole chain had to switch back to signatures for several months.